shiro权限注解
一、注解解释
@RequiresAuthentication
表示subject已经通过登录验证,才可使用
@RequiresUser
表示subject已经身份验证或者通过记住我登录,才可使用
@RequiresGuest
表示subject没有身份验证或通过记住我登录过,即是游客身份,才可使用
@RequiresRoles(value={“admin”, “user”}, logical=Logical.AND)
表示subject需要xx(value)角色,才可使用
@RequiresPermissions (value={“user:a”, “user:b”},logical= Logical.OR)
表示subject需要xxx(value)权限,才可使用
二、示例
1、代码
注:连接均是可被匿名访问,控制器均是直接调用服务方法
服务
@Service
public class ShiroService {
/**
* 表示subject已经通过登录验证
*/
@RequiresAuthentication
public void testRequiresAuthentication(){
System.out.println("testRequiresAuthentication");
}
/**
* 表示subject已经身份验证或者通过记住我登录
*/
@RequiresUser
public void testRequiresUser(){
System.out.println("testRequiresUser");
}
/**
* 表示subject没有身份验证或通过记住我登录过,即是游客身份
*/
@RequiresGuest
public void testRequiresGuest(){
System.out.println("testRequiresGuest");
}
/**
* 表示subject需要admin角色
*/
@RequiresRoles(value = {"admin"},logical = Logical.AND)
public void testRequiresRoles(){
System.out.println("testRequiresRoles");
}
/**
* 表示subject需要权限user:create
*/
@RequiresPermissions(value = {"user:create"},logical = Logical.AND)
public void testRequiresPermissions(){
System.out.println("testRequiresPermissions");
}
}
2、不同情况下访问效果
1)未登录状态下访问
testRequiresAuthentication
异常
org.apache.shiro.authz.UnauthenticatedException: The current Subject is not authenticated. Access denied.
testRequiresUser
异常
org.apache.shiro.authz.UnauthenticatedException: Attempting to perform a user-only operation. The current Subject is not a user (they haven't been authenticated or remembered from a previous login). Access denied.
testRequiresGuest
通过
testRequiresRoles
异常
org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager. This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again. Because an identity is currently not known due to any of these conditions, authorization is denied.
testRequiresPermissions
异常
org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager. This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again. Because an identity is currently not known due to any of these conditions, authorization is denied.
2)登录user用户(user角色)状态下访问
testRequiresAuthentication
通过
testRequiresUser
通过
testRequiresGuest
异常
org.apache.shiro.authz.UnauthenticatedException: Attempting to perform a guest-only operation. The current Subject is not a guest (they have been authenticated or remembered from a previous login). Access denied.
testRequiresRoles
异常
org.apache.shiro.authz.UnauthorizedException: Subject does not have role [admin]
testRequiresPermissions
异常
org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [user:create]
3)登录admin用户(user、admin角色)状态下访问
testRequiresAuthentication
通过
testRequiresUser
通过
testRequiresGuest
异常
org.apache.shiro.authz.UnauthenticatedException: Attempting to perform a guest-only operation. The current Subject is not a guest (they have been authenticated or remembered from a previous login). Access denied.
testRequiresRoles
通过
testRequiresPermissions
异常
org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [user:create]
这篇好文章是转载于:学新通技术网
- 版权申明: 本站部分内容来自互联网,仅供学习及演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,请提供相关证据及您的身份证明,我们将在收到邮件后48小时内删除。
- 本站站名: 学新通技术网
- 本文地址: /boutique/detail/tanhfjjfhj
系列文章
更多
同类精品
更多
-
org.apache.ibatis.exceptions.PersistenceException: ### Error querying database. Cause: java.sql.SQ
-
commons-lang3
-
org.apache.catalina.core.StandardContext.startInternal 由于:前的错误,Context[/SpringMVC]启动失败
-
JDK8升级到JDK11后Cannot resolve symbol ‘BASE64Encoder‘
-
Failed to execute goal org.apache.tomcat.maven:tomcat7-maven-plugin:2.1:run (default-cli) on project
-
Apache的配置和运用
-
photoshop保存的图片太大微信发不了怎么办
PHP中文网 06-15 -
《学习通》视频自动暂停处理方法
HelloWorld317 07-05 -
Android 11 保存文件到外部存储,并分享文件
Luke 10-12 -
word里面弄一个表格后上面的标题会跑到下面怎么办
PHP中文网 06-20 -
photoshop扩展功能面板显示灰色怎么办
PHP中文网 06-14 -
微信公众号没有声音提示怎么办
PHP中文网 03-31 -
excel下划线不显示怎么办
PHP中文网 06-23 -
excel打印预览压线压字怎么办
PHP中文网 06-22 -
怎样阻止微信小程序自动打开
PHP中文网 06-13 -
TikTok加速器哪个好免费的TK加速器推荐
TK小达人 10-01